Author Topic: Any pen drive inserted in USB port prompts message from on access scanner  (Read 6944 times)


zohar995

  • Guest
What WIN do you have? I have Windows XP Home.

Are all ServicePacks and Windowsupdates applied? Please CHECK!! Some time ago I had a problem with my OS, and after reinstalling it I can't seem to install any Windows updates; before that I had SP2. The result is that I disabled automatic updates, and if I try to update, they are downloaded but never installed.

- What name does avast give the virus (e.g. like: "Win32:Netsky-P [Wrm]")? The name is INF:AutoRun-V[trj]

- Where exactly was the infected file found (full path/folder/filename, e.g. like c:\Windows\system32\virusfile.exe)? The infected file is found in F:\autorun.inf

Now my question is: if every memory stick or pen drive I insert in the USB port causes the same reaction from AVAST, even if the device has been cleaned using AVAST on another machine or even formatted, could it be some sort of false alarm? And if so, how can I use memory sticks in my USB drive again? Any suggestions?
Thank you,

Offline Maxx_original

  • Moderator
  • Super Poster
  • Posts: 1479
the problem is in an infection of the USB stick when plugging it to your PC imho... it seems to have a running autorun virus dropper on your machine.. standard shield catches the autorun.inf when writing it to a USB stick..

zohar995

  • Guest
If I understand you correctly, my machine is infecting all USB sticks when inserted into it...

If so what can I do to clean it?

Recently I had an infection by a virus called Virut. My OS didn't load, so I had to take the machine to a lab, where I was told that it was cleaned, and it was returned to me more or less in a functioning state. Should I go back there?

Thanks.

Offline Maxx_original

  • Moderator
  • Super Poster
  • Posts: 1479
Virut is a very dangerous file infector.. i don't know what they did with your PC to recover your files, but we can assume that the Virut infection is gone... btw: Virut does not drop any autoruns... you should run HiJackThis and post the log here... we'll analyze it and tell you more ;)

zohar995

  • Guest
Hi,
This is the log from Hijackthis:
a-squared Anti-Malware - Version 3.5
Last update: 03/06/2008 15:48:07

Scan settings:

Objects: Memory, Traces, Cookies, C:\WINDOWS\, C:\Archivos de programa
Scan archives: On
Heuristics: On
ADS Scan: On

Inicio de examen:   03/06/2008 16:19:00

c:\archivos de programa\radlight company    detectado: Trace.Directory.RadLight
c:\archivos de programa\radlight company\radlight 4.0    detectado: Trace.Directory.RadLight
c:\archivos de programa\radlight company\radlight 4.0\capture    detectado: Trace.Directory.RadLight
c:\windows\downloaded program files\default.inf    detectado: Trace.File.iePlugin
Key: HKEY_USERS\S-1-5-21-1048142505-2451093677-520032851-1006\software\install    detectado: Trace.Registry.AdClicker
C:\WINDOWS\Temp\DIL19.tmp    detectado: Trojan-Downloader.Win32.Small.wbx

Examinado

Archivos:    72453
Trazas:    403048
Cookies:    1317
Procesos:    35

Encontrado

Archivos:    1
Trazas:    5
Cookies:    64
Procesos:    0
Claves del registro:    0

Fin de examen:   03/06/2008 17:29:16
Tiempo de examen:   1:10:16

Hope you can analyze it and give me some advice.
Thanks.
Zohar

zohar995

  • Guest
I also ran a-squared Hijackfree analysis and this is the link http://analyze.hijackfree.com/analyze/?id=3e02f88a-19ab-4178-b735-a198c05341aa
Hope this helps.
It really is a lot for me to process all at once, but if it helps and I learn something on the way I won't complain.
Thanks again.

zohar995

  • Guest
Yet another log.
a-squared Anti-Malware - Version 3.5
Last update: 03/06/2008 15:48:07

Scan settings:

Objects: Memory, Traces, Cookies, C:\, D:\
Scan archives: On
Heuristics: On
ADS Scan: On

Inicio de examen:   03/06/2008 19:29:25

C:\RECYCLER\S-1-5-21-1202660629-823518204-725345543-500\Dh40.exe    detectado: Worm.Win32.AutoRun.dxh
C:\System Volume Information\_restore{2F27279E-5E99-43C1-9131-999EB1615857}\RP15\A0004582.exe    detectado: Worm.Win32.AutoRun.dxh

Examinado

Archivos:    109311
Trazas:    403048
Cookies:    1237
Procesos:    34

Encontrado

Archivos:    2
Trazas:    0
Cookies:    25
Procesos:    0
Claves del registro:    0

Fin de examen:   03/06/2008 21:41:00
Tiempo de examen:   2:11:35

C:\RECYCLER\S-1-5-21-1202660629-823518204-725345543-500\Dh40.exe   quarantined: Worm.Win32.AutoRun.dxh
C:\System Volume Information\_restore{2F27279E-5E99-43C1-9131-999EB1615857}\RP15\A0004582.exe   quarantined: Worm.Win32.AutoRun.dxh

quarantined:

Archivos:    0
Trazas:    0
Cookies:    25

Offline Maxx_original

  • Moderator
  • Super Poster
  • Posts: 1479
something related to autorun virus (Worm.Win32.AutoRun.dxh) was there... can you see any autorun.inf on your fixed drives? look to the system drive root for it.. the file could be hidden by its attribute, you can unhide it or choose to show hidden files within your file manager..
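The check suggested above, as an added example that is not part of the original thread: a small triage of `autorun.inf` files by location and by the launch commands in their `[autorun]` section. Windows only honours an `autorun.inf` in the root of a volume; the hidden-folder heuristic, the verdict names and the sample file contents (including the SID) are constructed assumptions for illustration.

```python
import re
from pathlib import PureWindowsPath

# [autorun] keys that make Windows start a program from the volume.
EXEC_KEYS = {"open", "shellexecute"}
SHELL_COMMAND = re.compile(r"^shell\\[^\\]+\\command$")
# Assumption: a launch target inside one of these normally hidden folders
# is treated as a red flag (the worm in this thread sat under C:\RECYCLER).
HIDDEN_DIRS = {"recycler", "recycled", "system volume information"}


def parse_autorun(text):
    """Return {key: value} for the [autorun] section, keys lower-cased."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def launch_commands(entries):
    """Keep only the entries that start a program."""
    return {k: v for k, v in entries.items()
            if k in EXEC_KEYS or SHELL_COMMAND.match(k)}


def points_into_hidden_dir(command):
    parts = [part.strip(' "').lower() for part in command.split("\\")]
    return any(part in HIDDEN_DIRS for part in parts)


def triage(path, text):
    """Classify one autorun.inf: ignored / inert / review / suspicious."""
    p = PureWindowsPath(path)
    at_root = bool(p.drive) and len(p.parts) == 2   # e.g. F:\autorun.inf
    commands = launch_commands(parse_autorun(text))
    if not at_root:
        verdict = "ignored"        # AutoRun never reads files in subfolders
    elif any(points_into_hidden_dir(c) for c in commands.values()):
        verdict = "suspicious"     # launches something from a hidden folder
    elif commands:
        verdict = "review"         # launches something; check what it is
    else:
        verdict = "inert"          # only icon/label style entries
    return {"path": path, "verdict": verdict, "commands": commands}


# Constructed sample files (paths echo the thread, contents are invented).
SAMPLES = [
    ("F:\\autorun.inf",
     "[autorun]\n"
     "open=RECYCLER\\S-1-5-21-0-0-0-500\\Dh40.exe\n"
     "shell\\open\\command=RECYCLER\\S-1-5-21-0-0-0-500\\Dh40.exe\n"),
    ("E:\\autorun.inf", "[autorun]\nopen=setup.exe\nicon=setup.exe,0\n"),
    ("C:\\Program files\\microsoft office\\autorun.inf",
     "[autorun]\nopen=setup.exe\n"),
    ("D:\\autorun.inf", "; comment\n[autorun]\nlabel=Backup\nicon=disk.ico\n"),
]


def run_samples():
    return {path: triage(path, text)["verdict"] for path, text in SAMPLES}


if __name__ == "__main__":
    for path, verdict in run_samples().items():
        print(f"{verdict:10} {path}")
```

An "ignored" verdict only means Windows will not act on that file; it says nothing about whether a dropper is still running on the PC and rewriting the file on each stick.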

zohar995

  • Guest
Hi,
I've found a few autorun.inf :
one in E: where I have the Windows SP3 in process of installation.
one in Program files/microsoft office
one in Program files/hp deskjet 3320 series/win2k_xp
one in Program files/microsoft office/ORK

How do I know what to do next?

The a-squared keeps scanning my computer and this is the last log I had. If the file went to quarantine last time, how can it keep appearing there?

a-squared Anti-Malware - Version 3.5
Last update: 04/06/2008 1:36:02

Scan settings:

Objects: Memory, Traces, Cookies, C:\, D:\
Scan archives: On
Heuristics: On
ADS Scan: On

Inicio de examen:   04/06/2008 9:56:04

C:\System Volume Information\_restore{2F27279E-5E99-43C1-9131-999EB1615857}\RP16\A0004635.exe    detectado: Worm.Win32.AutoRun.dxh

Examinado

Archivos:    108373
Trazas:    404245
Cookies:    1234
Procesos:    34

Encontrado

Archivos:    1
Trazas:    0
Cookies:    25
Procesos:    0
Claves del registro:    0

Fin de examen:   04/06/2008 11:52:25
Tiempo de examen:   1:56:21

C:\System Volume Information\_restore{2F27279E-5E99-43C1-9131-999EB1615857}\RP16\A0004635.exe   quarantined: Worm.Win32.AutoRun.dxh

quarantined:

Archivos:    0
Trazas:    0
Cookies:    25

zohar995

  • Guest
Is it safe for me to delete the files that have been sent to quarantine? Will this mean that my machine is clean? Sorry, I have no idea and would really appreciate your help.
Thanks.

Hello again,
I have done this HijackThis scan and this is the log; I believe the previous ones were not what you asked for. Please let me know if my machine is really clean:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:23:34, on 12/06/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Dell\QuickSet\NICCONFIGSVC.exe
C:\Archivos de programa\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Archivos de programa\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Digital Line Detect\DLG.exe
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\Archivos de programa\Skype\Phone\Skype.exe
C:\Archivos de programa\Skype\Plugin Manager\skypePM.exe
C:\Archivos de programa\eMule\emule.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\DOCUME~1\BARLAP~1\CONFIG~1\Temp\mexe.com
C:\DOCUME~1\BARLAP~1\CONFIG~1\Temp\download.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.es/ig/dell?hl=es&client=dell-row&channel=es&ibd=3060924
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thehungersite.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.es/ig/dell?hl=es&client=dell-row&channel=es&ibd=3060924
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Archivos de programa\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Archivos de programa\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Archivos de programa\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Security Tool] WinSecure.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARCHIV~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/19.11/uploader2.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_5.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {525019DF-8282-40DC-A0E0-13C076889F66} (InstallerSf Control) - http://www.softonic.com/sinespias/installer.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1202824909312
O16 - DPF: {7142BA01-8BDF-11CF-9E23-0000E8A37440} (Surround Video Control Object) - http://www.strolling.com/main/svideo.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A691AC9-013A-4590-BBD3-E3CDB7023D19}: NameServer = 217.11.96.234,217.11.108.234
O17 - HKLM\System\CS1\Services\Tcpip\..\{4A691AC9-013A-4590-BBD3-E3CDB7023D19}: NameServer = 217.11.96.234,217.11.108.234
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARCHIV~1\ARCHIV~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Servicio Bonjour (Bonjour Service) - Unknown owner - C:\Archivos de programa\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Archivos de programa\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Archivos de programa\Dell Support Center\bin\sprtsvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Sistema de alimentación ininterrumpida (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8316 bytes
« Last Edit: June 12, 2008, 02:29:22 PM by zohar995 »
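A first triage pass over a HijackThis log like the one posted above, as an added example (not part of the original post, and not code from avast! or Trend Micro). The `triage` function and its rule names are illustrative assumptions, the sample lines are excerpted from the log above, and a hit only marks an entry for manual review; it is not a verdict.

```python
import re

# Excerpt of the HijackThis log posted above (a few lines only).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\DOCUME~1\BARLAP~1\CONFIG~1\Temp\mexe.com
C:\DOCUME~1\BARLAP~1\CONFIG~1\Temp\download.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Security Tool] WinSecure.exe
O23 - Service: Servicio Bonjour (Bonjour Service) - Unknown owner - C:\Archivos de programa\Bonjour\mDNSResponder.exe (file missing)
"""

ENTRY = re.compile(r"^([ORFN]\d+) - (.*)$")          # e.g. "O4 - ..."
RUN_ITEM = re.compile(r"^(?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
TEMP_DIR = re.compile(r"\\te?mp\\", re.IGNORECASE)   # \Temp\ or \Tmp\ in a path

def triage(log_text):
    """Return (rule, line) pairs that deserve a manual look."""
    findings, in_procs = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs and line and not ENTRY.match(line):
            if TEMP_DIR.search(line):    # executable running out of a temp folder
                findings.append(("process-in-temp", line))
            continue
        in_procs = False                 # blank line or first entry ends the section
        m = ENTRY.match(line)
        if not m:
            continue
        code, body = m.groups()
        if body.endswith(("(no file)", "(file missing)")):
            findings.append(("orphaned-entry", line))    # leftover registry reference
        run = RUN_ITEM.match(body) if code == "O4" else None
        if run and "\\Policies\\Explorer\\Run" in run["key"]:
            findings.append(("policies-run-autostart", line))
        if run and "\\" not in run["cmd"]:               # resolved via the search path
            findings.append(("autostart-without-path", line))
    return findings

if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"{rule:24} {line}")
```

The `autostart-without-path` rule also fires on the SigmatelSysTrayApp entry, which shows why each hit still needs a person to check what file the entry actually resolves to.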